If you work in marketing and even if you don’t, you have most likely heard about the General Data Protection Regulation. ‘GDPR’ is something which has been developed by the European Parliament and will affect how we all work with personal data. Once it comes into place next May, there will be much stricter rules around the collection and use of data.
Whilst this is all really great news for the individual, the introduction of GDPR does have huge implications for businesses who deal with data. Industry press is full of scare-monger stories about six-figure fines for breaching data rules and we’ve already seen a plethora of opinion pieces on how and why GDPR is good, bad and ugly.
Let’s be clear, the changes are vast. They affect data and the way we use it in four key ways:
- Request to access data
- Breaches and notification
- Processing of data
- Customer profiling
What we’ve struggled to get a sense of, is whether we, in the UK, are ready for GDPR. How compliant are we and is there a lot of work to do? To gauge the answer, I spoke to experts here in Bristol to assess the situation.
How ready is the UK for GDPR?
From our perspective, the overwhelming answer was that we’re not. But, that we’re moving in the right direction.
Clearly, the amount of work required varies by company type and size and for smaller organisations with simpler or smaller amounts of data, changes can be implemented more easily. But, that said, the limited capabilities of smaller companies may pose another kind of challenge.
Helen Tanner of data consultancy Data Cubed said that to her knowledge no-one is ready. Referring to her own clients she said all of them have started work, most have a plan and they’re making progress. But none of them are 100% ready yet. That’s OK though…8 months to go!
We work closely with Lloyds Banking Group around their direct response communications and our Account Director Eva Renoux has already spent a long time discussing GDPR with her marketing clients. Of all the sectors affected by GDPR, Financial Services could be best placed to ride the wave because they already practice many of the recommended steps.
“One of the singularities of the situation is that the challenge in working towards being GDPR compliant is double – ensuring customer consent is renewed and subsequent processes and practices updated on time whilst requirements are still being defined with important questions left unanswered, such as Brexit”
There seems to be a confusion around Brexit too. There shouldn’t be. The UK government has committed to GDPR, irrespective of our position within the EU and so, we must comply in the same way as every other country. In fact, every business across the globe will need to comply if they want to communicate with individuals within the EU.
How much do we understand about GDPR?
We’ve seen a lot of noise in the industry press about GDPR and a number of webinars and workshops have begun popping up too. Helen Tanner believes that whilst there appears to be a basic understanding of GDPR at most levels within businesses, there is a knowledge and understanding gap when it comes to the detail.
Every business will have to take some kind of action, and driving change at an individual business level is hard. Coupled with the guidance from the ICO becoming more detailed and specific, with more real-life examples, every day. It’s a massive task. But many of us have worked on similar projects over the years, so what’s new?! There is no doubt in Helen’s mind that GDPR is a positive step:
“This is all about transparency and building trust with customers. That can only be a great thing. Despite the administrative hurdles and organisational change required to get there, GDPR is good for customers. So, it will be good for business.”
Our own Digital Director, Raymond O’Sullivan sees GDPR as a positive, especially when it comes to long-term digital adoption and transformation.
“It’s a huge opportunity. Large organisations can now declutter their customer data in a positive, honest and managed way. Brands have an opportunity to positively engage with their customers on their needs, without historic negative and commercial restraints.
Our workforces need to be equipped for this conversation also, especially on a day-to-day level. This isn’t happening yet, but I feel traction is growing very fast now. Six are focused on an enhanced data knowledge and culture across our teams. GDPR, both in design and its technical regulations, will be a long-term default for us.”
Here at Six, we’re working to update our own policy regarding communications to our database, updating processes, training each individual and identifying Data Protection Officers. We’ll be contacting our clients soon to give them an option on whether they opt-in for future newsletters.